Block Porn with Proxy Auto Configuration
You don't need to spend money to stop your kids from accidentally browsing to a porn site. You don't even need to install a new program. The magic is done with a file called a "Proxy Auto Configuration" (PAC) file.
Now that you understand a bit about proxies and PAC files, maybe you see a way out! What if the PAC file told your browser it could connect directly to a site like www.disney.com, but told your browser it had to use a non-existent proxy to connect to www.sex.com? Then every time you tried to browse to www.sex.com, your browser wouldn't find the proxy, so couldn't make the connection!
BadURL_Parts[i++] = "celeb";
BadURL_Parts[i++] = "centerfold";
I bet you'll have no problem figuring out how to modify those words to suit your own needs. You just open up Notepad (Under "Start", "Programs", "Accessories"), then drag the PAC file (named "proxy") into Notepad. Save it when your done. Your computer may freeze for a few seconds after you save the file, and you may have to restart your browser to make your changes active, but that's all there is to it.
Automatic Download, Installation, and Configuration Script
The script will offer to automatically download the most recent pac file from hostsfile.org and the most recent hosts file from mvps.org. It will put the downloaded files in the right place and make sure they have the right names. It will offer to create editing shortcuts for the files. It will also offer to configure Internet Explorer to use the new PAC file. What's more, the script will offer to place a batch file in the "All Users" startup folder to automatically configure the browsers of everybody else who logs in on the computer. The script will only set up "LAN" settings (DSL, broadband, cable, or satellite) and will not affect dialup connections. It will only set up the Internet Explorer browser and won't affect FireFox or any other browser. If you need support for dialup or other browsers, you can use the script to get most of the work done, but you'll need to follow the "dialup" and "other browsers" part of the installation instructions below (green text) to finish the job.
HostsFile.org PAC / Proxy file
I used to have a proxy file I offered, but this one is better, so I got rid of mine. HostsFile.org and my site both link to each other, but we have very different ideas about how to install the PAC file. You can either do it my way (the automatic script above or the instructions below) or do it their way. Both will work. I like to hide the proxy file to keep it away from kids. HostsFile.org likes to put it in a central location to make it easier to edit and maintain. You decide what fits your situation best.
Where to put
the PAC file
Most people who discuss PAC files are kind of vague about where to put them or what to name them. I'm going to be specific. The PAC file should be named "proxy" with no file extension and it should be in the same folder as your "hosts" file. Why? This puts it in a folder normally reserved for system files (which is good, because this is a system file), the lack of a file extension makes it look like all the other files there (so it won't attract attention), and the lack of a file extension makes it difficult for kids to open. The folder we are discussing is located here:
2. Configure your browser to use the PAC file
In the Internet Explorer menu, select "Tools", then "Internet Options", then go to the "Connections" tab. Click the "Settings..." or "LAN Settings..." button depending on whether you have broadband or a dialup connection. If you aren't sure, you can do both.
Check the "Use automatic configuration script" box and enter the location of your PAC file. You must use the "file://" protocol when specifying your file location. It's a little awkward to type in because all the slashes go the "wrong way", but when you get done, you should have something like this:
If you have cable broadband or DSL, you may want to do this for both the "LAN Settings" and "Settings" so you can't bypass everything by going through a dialup connection!
If you only have dialup, you still may want to do this for the "LAN Settings" so it will all be ready when you upgrade next year.
If you have a browser other than IE, the settings will be different, but not so much that you can't figure it out. For example, on FireFox, you go to the menu and select "Tools", then "Options", then select the "General" category, click the "Connection Settings" button, select "Automatic proxy configuration URL", and enter the path to your PAC file. Pretty simple.
3. Define your local intranet security zone
Microsoft wrongly assumes that if there is a proxy (even one that doesn't exist), anything that doesn't use the proxy must be in your local intranet. Wrong! That would be a very bad thing from a security point of view! Typical Microsoft. We need to fix that. In the Internet Explorer menu, select "Tools", then "Internet Options", then open the "Security" tab. Select the "Local intranet" icon, then hit the "Sites" button. Remove the check from the "Include all sites that bypass the proxy server" box.
4. Disable Proxy Caching
When IE sees that a proxy is needed for a web site, it uses the same proxy again later for the same web site. Normally, that's a good thing; a time-saver. For our purposes, it's ruinous! If I do a Google search for "sex", I want the PAC file to block it by directing the browser to a bad proxy. If IE remembers that proxy, that means it will continue blocking Google, even if I later search for "flowers". We need to force IE to look in the PAC file every time to decide whether a proxy is needed or not! If you want to do it manually by making a registry change, you can read http://support.microsoft.com/?kbid=271361. If you do, you'll end up with a result like this:
Notice that the registry section shown is for the current user. That means you'll have to change this setting for all your users. Generally this means you'll have to actually log in as every user and effect this setting. Of course, you could write a script to do it and put it in the "All Users Startup" or in the HKLM run section, but we're talking about manually installing things here.
If you don't want to manually edit the registry, John R. Lo Verso (who is the grand master of PAC files and quite a few other things) has created a registry file:
You can run it directly from the web or download it and double-click it. This registry file will not only turn off proxy caching, but it will add an "Automatic Proxy Configuration" entry in your advanced Internet properties window (which you can see to the right). Of course, this is still a per-user setting, so you'll have to make sure every user that has a separate login gets the same treatment.
As you can see by the label for "no-ads" (to the right), John writes his PAC files to block Internet advertising. I write mine to block Internet porn. It's not really difficult to combine both jobs into a single PAC file, but I've got a few problems with it:
5. Empty your browser's cache
This is really optional. If you've been to a porn site, the page and pictures are in your cache. If you go there again, even if the PAC file blocks it, your browser could show you the old data. If you haven't been to a porn site, you don't need to worry about emptying your cache!
6. Set up a dummy proxy server
The only reason you may need to do this is if you use this pac file solution on something other than IE, FireFox, or Mozilla. If you do, and if that other application seems to hang, you may need to get a real proxy server. Another reason to set up a dummy server is if you don't like to see error messages in your web pages! The simplest proxy server is "Homer". Naturally, I've made a Homer auto-installation script that will download and install Homer correctly for you.
The great thing about Homer is that it returns a blank image to replace the ad or porn image that might have originally displayed. This stops the error from being displayed and gives you "nothing" in return. It also has a log to show you what URLs are being blocked.
HostsFile.org PAC files and Hosts files
John Lo Verso's "Bust Banner Ads with Proxy Auto Configuration" web
Sheryl Canter's "Kill Internet Ads with HOSTS and PAC Files" article:
Homer LocalHost web server (prevents visible error messages when you block sites)
Larry Wang's Black Hole Proxy for use with PAC or HOSTS files:
Pyrenean's eDexter local image server for use with PAC or
"WebWasher Classic" Internet filter program is free for
Open Source "Privoxy" is a true proxy that can handle multiple computers:
Pyrenean's DNSKong personal DNS server can return dummy IP addresses for known web sites:
Internet Filter's list of over 400,000 known porn web sites:
Script to save the Internet Filter porn list as a text file with one site per line:
Lost? Look at the site map.
Bad links? Questions? Send me mail.